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Abstract 

We study the bisimilarity problem for probabilistic pushdown automata (pPDA) and subclasses 
thereof. Our definition of pPDA allows both probabilistic and non-deterministic branching, 
generalising the classical notion of pushdown automata (without e-transitions) . Our first con- 
tribution is a general construction that reduces checking bisimilarity of probabilistic transition 
systems to checking bisimilarity of non-deterministic transition systems. This construction dir- 
ectly yields decidability of bisimilarity for pPDA, as well as an elementary upper bound for 
the bisimilarity problem on the subclass of probabilistic basic process algebras, i.e., single-state 
pPDA. We further show that, with careful analysis, the general reduction can be used to prove 
an EXPTIME upper bound for bisimilarity of probabilistic visibly pushdown automata. Here 
we also provide a matching lower bound, establishing EXPTIME-completeness. Finally we prove 
that deciding bisimilarity of probabilistic one-counter automata, another subclass of pPDA, is 
PSPACE-complete. Here we use a more specialised argument to obtain optimal complexity 
bounds. 
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1 Introduction 

Equivalence checking is the problem of determining whether two systems are semantically 
identical. This is an important question in automated verification and, more generally, rep- 
resents a line of research that can be traced back to the inception of theoretical computer 
science. A great deal of work in this area has been devoted to the complexity of bisimil- 
arity for various classes of infinite-state systems related to grammars, such as one-counter 
automata, basic process algebras, and pushdown automata, see [3J for an overview. We men- 
tion in particular the landmark result showing the decidability of bisimilarity for pushdown 
automata [13] . 

In this paper we are concerned with probabilistic pushdown automata (pPDA), that is, 
pushdown automata with both non-deterministic and probabilistic branching. In particu- 
lar, our pPDA generalise classical pushdown automata without e-transitions. We refer to 
automata with only probabilistic branching as fully probabilistic. 

We consider the complexity of checking bisimilarity for probabilistic pushdown automata 
and various subclasses thereof. The subclasses we consider are probabilistic versions of mod- 
els that have been extensively studied in previous works [HUES- ^ n particular, we consider 
probabilistic one-counter automata (pOCA), which are probabilistic pushdown automata 
with singleton stack alphabet; probabilistic Basic Process Algebras (pBPA), which are single- 
state probabilistic pushdown automata; probabilistic visibly pushdown automata (pvPDA), 
which are automata in which the stack action, whether to push or pop, for each transition 
is determined by the input letter. Probabilistic one-counter automata have been studied in 
the classical theory of stochastic processes as quasi-birth- death processes [SJ. Probabilistic 
BPA seems to have been introduced in [3] . 



While the complexity of bisimilarity for finite-state probabilistic automata is well un- 
derstood [TJ |S] , there are relatively few works on equivalence of infinite-state probabilistic 
systems. Bisimilarity of probabilistic BPA was shown decidable in [3J, but without any 
complexity bound. In [7] probabilistic simulation between probabilistic pushdown automata 
and finite state systems was studied. 

1.1 Contribution 

The starting point of the paper is a construction that can be used to reduce the bisimilarity 
problem for many classes of probabilistic systems to the bisimilarity problem for their non- 
probabilistic counterparts. The reduction relies on the observation that in the bisimilarity 
problem, the numbers that occur as probabilities in a probabilistic system can be "encoded" 
as actions in the non-probabilistic system. This comes at the price of an exponential blow- 
up in the branching size, but still allows us to establish several new results. It is perhaps 
surprising that there is a relatively simple reduction of probabilistic bisimilarity to ordinary 
bisimilarity. Hitherto it has been typical to establish decidability in the probabilistic case 
using bespoke proofs, see, e.g., [3J|7]. Instead, using our reduction, we can leverage the rich 
theory that has been developed in the non-probabilistic case. 
The main results of the paper are as follows: 

Using the above-mentioned reduction together with the result of |14j . we show that 
bisimilarity for probabilistic pushdown automata is decidable. 

For the subclass of probabilistic BPA, i.e., automata with a single control state, the 
same reduction yields a 3EXPTIME upper bound for checking bisimilarity via a doubly 
exponential procedure for bisimilarity on BPA [I] (see also [ID])- This improves the 
result of [3J, where only a decidability result was given without any complexity bound. 
An EXP TIME lower bound for this problem follows from the recent work of [TT] for 
non-probabilistic systems. 

For probabilistic visibly pushdown automata, the above reduction immediately yields a 
2EXPTIME upper bound. However we show that with more careful analysis we can 
extract an EXPTIME upper bound. In this case we also show EXPTIME- hardness, thus 
obtaining matching lower and upper bounds. 

For fully probabilistic one-counter automata we obtain matching lower and upper 
PSPACE bounds for the bisimilarity problem. In both cases the bounds are obtained by 
adapting constructions from the non-deterministic case |15L [5] rather than by using the 
generic reduction described above. 

2 Preliminaries 

Given a countable set A, a probability distribution on A is a function d : A — > [0, 1] H Q (the 
rationals) such that J2 a eA^( a ) = 1- A probability distribution is Dirac if it assigns 1 to 
one element and to all the others. The support of a probability distribution d. is the set 
support(d) := {a E A : d(a) > 0}. The set of all probability distributions on A is denoted 
byV(A). 

2.1 Probabilistic Transition Systems. 

A probabilistic labelled transition system (pLTS) is a tuple S — (5, X, — >), where 5* is a finite 
or countable set of states, X is a finite input alphabet, and -iCSxEx T^{S) is a transition 
relation. We write s — > d to say that (s,a,d) € — >. We also write s — > s' to say that 
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there exists s -A d with s' £ support(d). We assume that 5 is finitely branching, i.e., each 
state s has finitely many transitions s A i In general a pLTS combines probabilistic and 
non-deterministic branching. A pLTS is said to be fully probabilistic if for each state s £ S 
and action a £ E we have sArf for at most one distribution d. Given a fully probabilistic 
pLTS, we write s —A s' to say that there is s -A- d such that d(s') = x. 

Let 5 — (S, E, — x) be a pLTS and i? an equivalence relation on S. We say that two 
distributions d, d' £ V (S) are R- equivalent if for all inequivalence classes E, J^sge ^( s ) = 
^ sgE <i'(s). We furthermore say that R is a bisimulation relation if s i? t implies that for 
each action a £ £ and each transition s -A d there is a transition i -A d' such that d and d' 
are i?-equivalent. The union of all bisimulation relations of 5 is itself a bisimulation relation. 
This relation is called bisimilarity and is denoted ~ |13j . 

We also have the following inductive characterisation of bisimilarity. Define a decreasing 
sequence of equivalence relations ~o =2 ~i ^ ~2 =? ■ ■ • by putting s ^ Q t for all s,t, and 
s ~ n +i i if and only if for all a £ £ and s -A d there is f A d' such that XAse ^( s ) = 
SsG-E^'( s ) ^ or a ^ ~ n -equivalence classes E. It is then straightforward that the sequence 
~ n converges to ~, i.e., n„ e N~" = ~- 



2.2 Probabilistic Pushdown Automata. 



A probabilistic pushdown automaton (pPDA) is a tuple A = (Q, T, E, '—>) where Q is a finite 
set of states, T is a finite stack alphabet, E is a finite input alphabet, and 4CQxTxSx 
X>(<3 x T^ 2 ) (with T^ 2 := {e} U T U (r x T)) (where e denotes the empty string). 

When speaking of the size of A, we assume that the probabilities in the transition 
relation are given as quotients of integers written in binary. A tuple (q, X) € Q x V is called 
a head. A pPDA is fully probabilistic if for each head (q, X) and action a £ E there is at 
most one distribution d with (q,X,a,d) £ <L ->. A configuration of a pPDA is an element 
(q, (3) £ Q x r*, and we sometimes write just q(3 instead of (q,(3). We write qX <—> d to 
denote (q,X,a,d) £ ^4, that is, in a control state q with X at the top of the stack the 
pPDA makes an a-transition to the distribution d. In a fully probabilistic pPDA we also 

a, x a 

write qX 1 — > rp if qX ^ d and d(rp) = x. 

A probabilistic basic process algebra (pBPA) A is a pPDA with only one control state. 
In this case we sometimes omit the control state from the representation of a configuration. 
A probabilistic one-counter automaton (pOCA) is a pPDA with a stack alphabet containing 
only two symbols X and Z, where the transition function is restricted so that Z always and 
only occurs at the bottom of the stack. A probabilistic visibly pushdown automaton (pvPDA ) 
is a pPDA with a partition of the actions E = E r U Ej nt U E c such that for all pX ^-x d we 
have: if a £ E r then support(d) C Q x {e}; if a € Sj„ t then support(d) C Q x T; if a £ E c 
then support(d) CQx (r x T). 

A pPDA A = (Q, T, E, ^) generates a pLTS 5(A) = (Q x F% E, -») as follows. For each 
/? e T* a rule gA A d of A induces a transition qXf3 -A- d' in 5(A), where d' £ V(Q x T*) 
is defined by d'(pa/3) = d(pa) for all p £ Q and a £ T* . Note that all configurations with 
the empty stack define terminating states of 5(A). 

The bisimilarity problem asks whether two configurations and (72^2 of a given pPDA 
A are bisimilar when regarded as states of the induced pLTS 5(A). 



Example 1. Consider the fully probabilistic pPDA A = ({p, q, r}, {X, X' , Y, Z}, {a}, 
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Figure 1 A fragment of 5(A) from Example [l] 
with the following rules (omitting the unique action a): 



pX ^4 qXX, 
rX w rYX, 
rX' <^> rYX, 



rX ^4 rYX', 
rX' rYX', 



Y \ 

pX < — >p, 

Y °A 
rX c — > r, 

y> °A 
rX ' — > r. 



qX ^ pXX, 
rY ^ rXX, 



The restriction of A to the control states p, q and to the stack symbols X, Z yields a pOCA. 
The restriction of A to the control state r and the stack symbols X, X' , Y yields a pBPA. 
A fragment of the pLTS 5(A) is shown in Figure [I] The configurations pXZ and rX arc 
bisimilar, as there is a bisimulation relation with equivalence classes {pX k Z} U {™ | w £ 
{X, X'} k } for all k > and {qX k+1 Z} U {rYw \ w £ {X,X'} k } for all k > 1. 



3 From Probabilistic to Nondeterministic Bisimilarity 

A nondeterministic pushdown automaton (PDA) is a special case of a probabilistic pushdown 
automaton in which the transition function assigns only Dirac distributions. We give a novel 
reduction of the bisimilarity problem for pPDA to the bisimilarity problem for PDA. Because 
the latter is known to be decidable |14j , we get decidability of the bisimilarity problem for 
pPDA. 

As a first step we give the following characterisation of inequivalence of two distributions 
(defined earlier). 

► Lemma 2. Let R be an equivalence relation on a set S. Two distributions d,d! on S are 
R-equivalent if and only if for all AC. S we have d(A) < d'(R(A)), where R(A) denotes the 
image of A under R. 

Proof. For the if direction we reason as follows. For each equivalence class E we have 
d{E) < d'(E). But since d and d! have total mass 1 we must have d(E) = d'(E) for all 
equivalence classes E. 

Conversely if d and d! are i?-equivalent. Then d(A) < d(R(A)) — d'(R(A)) for any set 
A, since R(A) is a countable union of equivalence classes. -4 

We now give our reduction. Let A = (Q,T, S, be a pPDA and <?i7i, 9272 two 
configurations of A. We define a new PDA A' — (Q, V , <>->•) that extends A with extra 
stack symbols, input letters and transition rules. In particular, a configuration of A can also 
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be regarded as a configuration of A'. The definition of A' is such that two A-configurations 
<7i7i and 9272 are bisimilar in A if and only if the same two configurations are bisimilar in 
A'. 

Intuitively we eliminate probabilistic transitions by treating probabilities as part of the 
input alphabet. To this end, let W C Q be the set of rational numbers of the form d(A) for 
some rule pX <—> d in A and A C supported). Think of W as the set of relevant transition 
weights. 

We define A' as follows. Note that when defining rules of A' we write just 97 instead of 
the Dirac distribution assigning 1 to 97. 

The stack alphabet T' contains all symbols from T. In addition, for every rule pX d 
in A it contains a new symbol (0?) and for every T C supported) a symbol (T). 
The input alphabet £' is equal to S U W U {#} where # is a distinguished action not in 
E or W. 

The transition function o— > is defined as follows. For every rule qX d, there is a rule 
qX o-> q(d). We also have a rule q(d) o-> q(T) if T C supported) and d{T) > w £ W. 

Finally, we have a rule q(T) o— » pa if pa £ T. 

The PDA A' can be constructed in time exponential in the size of A, and in polynomial 
time if the branching degree of A is bounded (i.e. if we fix a number N and consider only pP- 



DAs with branching degree at most N). See Appendix A. 2 for the analysis. The correctness 
of the construction is captured by the following lemma and proved in Appendix |A.1| 

► Lemma 3. For any configurations 9171,(7272 of A we have 9171 ~ 9272 in A if and only 
«/<7i7i ~ 9272 in A'. 

Let us show intuitively why bisimilar configurations in A remain bisimilar considered as 
configurations of A'. Every computation step of A is simulated in three steps by A'. Let 
<7i-Xi7i and 92X272 be bisimilar configurations of A. Then in A' a transition of 51X171 
to 9i(di)7i can be matched by a transition (under the same action) of 92X272 to 92(^2)72 
such that the distributions d\ and di are ^-equivalent (and vice versa). In particular, 
by Lemma [2j for any set of configurations T the set T 1 obtained by saturating T under 
bisimilarity is such that d\(T) < (^(T"). Let T and T' respectively contain the elements 
of T and X" from which the suffixes 71 and 72 are removed. Then, as a second step of 
simulation of A by A', a transition of qi(di)ji to a state qi(T)^i with label w £ W can be 
matched by a transition of A' to q2(T')j2 with the same label (similarly any transition of 
92(^2)72 can be matched by a transition of 91(^1)71). Finally, as T and T" contain elements 
from the same bisimilarity equivalence classes, in the third step a ^-transition from qi{T)^\ 
to some <3^Q!i7i can be matched by a ^-transition of q2(T / )j2 to ^(^2^2 such that q[ai~fi 
and <?2 a 272 are again bisimilar in A (and vice versa). 

The three steps are illustrated in Figure [2] where the successors of the configurations 
pXZ and rX in the system S(A') for the PDA A' constructed from the pPDA A from 
Example [l] are drawn. 

Lemma [3] gives rise to the following theorem. 

► Theorem 4. For any pPDA A there is a PDA A' constructible in exponential time such 
that for any configurations 9171,9272 of A we have 9171 ~ 9272 in A if and only 1/9171 ~ 
9272 in A'. In addition, if A is a pBPA, then A' is a BP A. 

Using Theorem [4] and [TU U] , we get the following corollary. 

► Corollary 5. The bisimilarity problem for pPDA is decidable, and the bisimilarity problem 
for pBPA is decidable in triply exponential time. 
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Figure 2 An example of the construction for Lemma [3] Here, an arrow labelled W(x) is an 
abbreviation for multiple transitions labelled by all multiples of 0.1 between 0.1 and x. 



4 Upper Bounds 

4.1 Bisimilarity of pOCA is in PSPACE 

The bisimilarity problem for (non-probabilistic) one-counter automata is PSPACE-complete, 
as shown in [2 . It turns out that for pOCA we get PSPACE-completeness as well. The 
lower bound is shown in Section [5] here we show: 

► Theorem 6. The bisimilarity problem for pOCA is in PSPACE, even if we present the 
instance A = (Q,{Z,X},T,,^-), P X m Z,qX n Z (for which we ask ifpX m Z ~ qX n Z) by a 
shorthand using m, n written in binary. 

The reduction underlying Theorem [4] would only provide an exponential-space upper bound, 
so we give a pOCA-specific polynomial-space algorithm. In fact, we adapt the algorithm 
from [2J; the principles are the same but some ingredients have to be slightly modified. The 
following text is meant to give the idea in a self-contained manner, though at a more abstract 
level than in [2J . The main difference is in the notion of local consistency, discussed around 
Proposition [TT] 

Similarly as [2J , we use a geometrical presentation of relations on the set of configurations 



(Fig. 3(a) reflects such a presentation). A relation can be identified with a 1/0 (or YES/NO) 
colouring of the "grid" N x N x (Q x Q): 

► Definition 7. For a relation R on Q x ({X}*Z), by the (characteristic) colouring xr we 
mean the function \R '■ N x N x (Q x Q) — > {1, 0} where XR( m i n ? (Pi q)) = 1 if and only if 
( P X m Z,qX n Z) G R. Given (a colouring) x : N x N x (Q x Q) -> {1, 0}, by R x we denote 
the relation R x = {( P X m Z,qX n Z) | x(m,n, (p,q)) = 1}. 

The algorithm uses the fact that x~ is "regular", i.e. {(m,n, (p, q)) | pX m Z ~ qX n Z} is 
a (special) semilinear set. More concretely, there are polynomials poli,pol2 : N — » N (in- 
dependent of the pOCA A) such that the following partition of the grid N x N x (Q x Q) 
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(91.92) 
(9i, 91 



(a) Partition of a grid, and a moving vertical 
window of width 3 




(b) AND-gadget (top) and 
OR-gadget (bottom) 



Figure 3 Figures for Section 4.1 (left) and [H] (right) 



(sketched in Fig. |3(a)[ ) has an important property specified later. If Q — {qi,q2, ■ ■ ■ ,<?&}, 
hence \Q\ — fc, then the grid is partitioned into three parts: the initial-space, i.e. 
{(m,n,(p,q)) | to, n < po^ik)}, the belt-space, which is given by at most fc 4 linear belts, 
with the slopes % where c, d G {1,2,..., k 2 } and with the (vertical) thickness bounded by 
poli(k), and the rest, called the background. Moreover, polity is sufficiently large w.r.t. 
poh(k), so that the belts are separated by the background outside the initial space. 

The mentioned important property is that there is a period tp, given by an exponential 
function of k, such that if two points (to, n, {p, q)) and (to + itp, n + jip, (p, q)) (for i, j e N) 
are both in the background, for both to, n larger then a polynomial bound, then x~ nas the 
same value for both these points; in other words, x~ colours the background periodically. 
Another important ingredient is the locality of the bisimulation conditions, resulting from 
the fact that the counter value can change by at most 1 per step. 

To explain the "grid-partition", we start with considering the finite automaton un- 
derlying A; JF& behaves like A "pretending" that the counter is always positive. 

► Definition 8. For a pOCA A = (Q,{Z,X},Y,,'-+), in the underlying finite pLTS 7a = 
(Q, T,, — >) we have a transition p d' if and only if there is a transition pX ^ d such that 
d'(q) = d(q, e) + d(q, X) + d(q, XX) (for all q € Q). 

Using standard partition-refinement arguments, we observe that ^-1=^=^ on when 
k = \Q\. For configurations of A we now define the distance dist to the set of configurations 
which are "INCompatible" with 

► Definition 9. Assuming a pOCA A = (Q, {Z, X}, E, where \Q\ = k, 
we define INC C Q x ({X}* Z) and dist : Q x ({X}* Z) — > N U {00} as follows: 
- INC = {pX m Z \WqeQ: pX m Z ^ k q} (where q is a state in _F A ), 

_ d\st(pX m Z) = min { I \ 3qj e INC : pX m Z(^) e q'y } ; we set min = 00. 

Since pX m Z ~ TO p (by induction on m), and thus pX m Z G INC implies to < fc, we can 

surely construct INC for a given pOCA in polynomial space. 

► Proposition 10. 
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1. IfpX m Z ~ qX n Z then d\st(pX m Z) = d\st(qX n Z). 

2. Ifd\st(pX m Z) = d\st(qX n Z) = oo then pX m Z ~ qX n Z iffpX rn Z ~ fc q X n Z. 

The proof is the same as in the non-probabilistic case. (Point 1 is obvious. For Point 
2 we verify that the set { ( qi X ni Z, q 2 X n2 Z) \ qi X ni Z ~ fc q 2 X n2 Z and d\st( qi X ,ll Z) = 
dist^A™ 2 Z) = oo is a bisimulation.) 

Consider a shortest path from pX m Z to INC (for large to). It is not hard to prove (as 
in [21 Lemma 10]) that such a path can be based on iterating a simple counter-decreasing 
cycle (of length < k), possibly preceded by a polynomial prefix and followed by a polynomial 
suffix. So (finite) d\st(pX m Z) can be always expressed by the use of linear functions ^m + b 
where I, e < k are the length and the decreasing effect of a simple cycle and b is bounded 
by a polynomial in k. It follows that if we have d\st(pX m Z) = d\st(qX n Z) < oo, then 
n = ^-§jto + which shows that (to, n, (p, q)) lies in one of the above mentioned belts, or 
in the initial space when to, n are small. 

As a consequence, in the background points (to, n, (p, q)) we have either d\st(pX m Z) = 
d\st(qX n Z) = oo, and X~(m,n, (p,q)) = 1 if and only if pX m Z ~ k qX n Z, or d\st(pX m Z) ^ 
d\st(qX n Z) (and thus x~( TO , n i {Pi ?)) = 0). So we can easily compute x~ f° r anv background 
point in polynomial space. 

The above mentioned shortest paths to INC also show that if we choose ip — kl (so 
ip = 0(2 fcl °s fc )) then we have pX m Z ^* INC if and only if pX^ m+ ^Z ^* INC (for to larger 
than some polynomial bound), since the counter-effect of each simple cycle divides ip. Hence 
tjj is a background period as mentioned above. 

A nondeterministic algorithm, verifying that poX m " Z ~ q^X n ° Z for (too, rich {Poilo)) m 
the initial or belt-space, is based on "moving a vertical window of width 3" (as depicted 



in Fig. 3(a)); in each phase, the window is moved by 1 (to the right), its intersection with 
the initial and belt space (containing polynomially many points) is computed, a colouring 
on this intersection is guessed (x~ is intended) and its (local) consistency is checked (for 
which also x~ on the neighbouring background points is computed). More precisely, in the 
first, i.e. leftmost, window position a colouring in all three (vertical) slices is guessed and 
the local consistency in the first two slices is checked; after any later shift of the window by 
one to the right, a colouring in the new (the rightmost) slice is guessed (the guesses in the 
previous two slices being remembered), and the consistency in the current middle slice is 
checked. If this is successfully performed for exponentially many steps, after (mo, no, (po, qo)) 
has been coloured with 1, then it is guaranteed that the algorithm could successfully run 
forever; the pigeonhole principle induces that each belt could be periodically coloured, with 
an exponential period compatible with the period of the background-border of the belt. 
Such a successful run of the algorithm, exponential in time but obviously only polynomial 
in the required space, is thus a witness of p X m ° Z - q Q X n °Z. Since PSPACE=NPSPACE, 
we have thus sketched a proof of Theorem [6] 

It remains to define precisely the consistency of a colouring, guaranteeing that a successful 
run of the algorithm really witnesses poX m °Z ~ q^X na Z. (As already mentioned, this is the 
main change wrt |2J.) We use the following particular variant of characterizing (probabilistic) 
bisimilarity. Given a pLTS (S, X,— ^), we say that (s,i) is consistent w.r.t. a relation R on 
S (not necessarily an equivalence) if for each s d there is t — > d' , and conversely for each 
t — > d' there is s A d, such that d, d' are -R'-equivalent where R' is the least equivalence 
containing the set {(s',t') | s — > s',t — > t' , (s',t') € R}. A relation R is consistent if each 
(s, t) G R is consistent w.r.t. R. The following proposition can be verified along the standard 
lines. 

► Proposition 11. ~ is consistent. If R is consistent then R C ~. 
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Our algorithm can surely (locally) check the above defined consistency of the constructed \ 
(i.e. of R x ). 



4.2 Bisimilarity of pvPDA is in EXPTIME 

It is shown in |151 Theorem 3.3] that the bisimilarity problem for (non-probabilistic) vPDA 
is EXPTIME-complete. We will show that the same holds for pvPDA. First we show the 
upper bound: 

► Theorem 12. The bisimilarity problem for pvPDA is in EXPTIME. 

In |15j the upper bound is proved using a reduction to the model-checking problem for (non- 
visibly) PDA and the modal ^-calculus. The latter problem is in EXPTIME by [TB . This 
reduction does not apply in the probabilistic case. The reduction from Section [3] cannot 
be directly applied cither, since it incurs an exponential blowup, yielding only a double- 
exponential algorithm if combined with the result of [IB]- Therefore we proceed as follows: 
First we give a direct proof for (non-probabilistic) vPDA, i.e., we show via a new proof that 
the bisimilarity problem for vPDA is in EXPTIME. Then we show that the reduction from 
Section [3] yields a non-probabilistic vPDA that is exponential only in a way that the new 
algorithm can be made run in single-exponential time: The crucial observation is that the 
reduction replaces each step in the pvPDA by three steps in the (non-probabilistic) vPDA. 
An exponential blowup occurs only in intermediate states of the new LTS. Our algorithm 
allows to deal with those states in a special pre-processing phase. See Appendix [S] for 
details. 

5 Lower Bounds 

In this section we show hardness results for pOCA and pvPDA. We start by defining two 
gadgets, adapted from [5], that will be used for both results. The gadgets are pLTS that 
allow us to simulate AND and OR gates using probabilistic bisimilarity. We depict the 
gadgets in Figure |3(b)[ where we assume that all edges have probability 1 /2 and have the 
same label. The gadgets satisfy the following propositions (here s A t\ \ t% is a shorthand 
for s A d where d{t{) = d(t 2 ) = 0.5). 

► Proposition 13. (AND-gadget) Suppose s,s', ti,t'i, t 2 ,t' 2 are states in a pLTS such that 
ti <ft t' 2 and the only transitions outgoing from s, s' are s A t\ \ t 2 and s' A t\ \ t' 2 . Then 
s ~ s' if and only if t\ ~ t\ A t 2 ~ t' 2 . 

► Proposition 14. (OR-gadget) Suppose s,s', ti,t' 1; t2,t' 2 , and u\2, uy 2 , u\2> , uy 2 i are 
states in a pLTS. Let the only transitions outgoing from s, s' , u±2, Ui'2, U\2< , Uyy be 

S A 1412 I UV2' , s' A 1412' I «1'2 j 
Ul2 A tx | t 2 , U V2 ' A t[ | t' 2 , Ul2> A tx | t' 2 , Ul'2 A t[ | t 2 ■ 

Then s ~ s' if and only if t\ ~ t[ V t 2 ~ t' 2 . 

5.1 Bisimilarity of pOCA is PSPACE-hard 

In this section we prove the following: 

► Theorem 15. Bisimilarity for pOCA is PSPACE-hard, even for unary (i.e., with only 
one action) and fully probabilistic pOCA, and for fixed initial configurations of the form 
pXZ, qXZ. 
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In combination with Theorem [6] we obtain: 



► Corollary 16. The bisimilarity problem for pOCA is PSPACE-complete. 

Proof of Theorem 1151 We use a reduction from the emptiness problem for alternating finite 
automata with a one- letter alphabet, known to be PSPACE-complete [8J|H]; our reduction 
resembles the reduction in [15] for (non-probabilistic) visibly one-counter automata. 

A one-letter alphabet alternating finite automaton, 1L-AFA, is a tuple A = (Q,S,qo, F) 
where Q is the (finite) set of states, Qq is the initial state, F C Q is the set of accepting 
states, and the transition function 8 assigns to each q £ Q either qi A (72 or q\ V q2, where 
<7i,<72 € Q- 

We define the predicate Acc C Q x N by induction on the second component (i.e. the 
length of a one-letter word); Acc(q,n) means " A starting in q accepts n": Acc(q, 0) if and 
only if q £ F; Acc(q, n+l) if and only if cither S(q) = q\ A q2 and we have both Acc{q\,n) 
and Acc{q2, n), or S(q) = q\ V q2 and we have Acc{q\, n) or Acc(q2, n). 

The emptiness problem for 1L-AFA asks, given a 1L-AFA A, if the set {n \ Acc(qo,n)} 
is empty. 

We reduce the emptiness of 1L-AFA to our problem. We thus assume a 1L-AFA 
(Q,S,qo,F), and we construct a pOCA A as follows. A has 2\Q\ + 3 'basic' states; the 
set of basic states is {p,p',r} UQUQ' where Q' = {</ | q £ Q} is a copy of Q and r 
is a special dead state. Additional auxiliary states will be added to implement AND- and 
OR-gadgets. A will have only one input letter, denoted a, and will be fully probabilistic. 

We aim to achieve pXZ ~ p' XZ if and only if {n \ Acc(qo, n)} is empty; another property 
will be that 

qX n Z ~ q'X n Z if and only if ^Acc{q, n). (1) 

For each q £ F we add a transition qZ <—t d where d(r, Z) = 1, but qZ is dead (i.e., there is 
no transition qZ ■A ..) if q F; q' Z is dead for any q' £ Q' . Both rX and rZ are dead as 
well. Hence is satisfied for n — 0. Now we show (JT|) holds for n > 0. 

For q with S(q) = q\ V q2 we implement an AND-gadget from Figure |3(b)| (top) guar- 
anteeing qX n+1 Z ~ q'X n+1 Z if and only if q Y X n Z ~ q[X n Z and q 2 X n Z ~ q' 2 X n Z (since 
^Acc(q,n+1) if and only if -^Acc(qi,n) and ->Acc(q2, n))\ 

We add rules qX -» r 1 X | r 2 X (this is a shorthand for qX A [r 1 X 1— > 0.5, r 2 A H> 0.5]) 
and g'A r^A | r 2 X, 

and also riA <?i | s x X, r 2 X q 2 \ s 2 X, r[X -> | siA, r 2 A ->• <j 2 | s 2 X, 

and siA — ^ siA, s\X — ^ r, S2A — ^ S2A, S2A — ^ r. The intermediate states 

r ii r 2, f' 2 , and si, S2 serve to implement the condition t\ 7^ t' 2 from Proposition |13[ 



For q with <5(g) = q\/\q2 we (easily) implement an OR-gadget from Figure 3(b) (bottom) 
guaranteeing qX n+1 Z ~ q'X n+1 Z if and only if qiX n Z ~ or q 2 X n Z ~ q 2 ^"^ ( since 

-ij4cc(g, n+l) if and only if -^Acc(q±,n) or -^Acc{q2, n)). 

To finish the construction, we add transitions pX d where d(p, X 2 ) — d(qo,e) = 
d(r,X) = I and p' X A d' where d'(p',X 2 ) — d(q' Q ,e) = d(r,X) = |; the transitions added 
before guarantee that pX n+2 Z ^ q' X n Z and q X n Z ^ p'X n+2 Z. ' A 

5.2 Bisimilarity of pvPDA is EXPTIME-hard 

In this section we prove the following: 

► Theorem 17. Bisimilarity for pvPDA is EXPTIME-hard, even for fully probabilistic 
pvPDA with |£ r | = |E int | = |E C | = 1. 
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In combination with Theorem [12] we obtain: 



► Corollary 18. The bisimilarity problem for pvPDA is EXP TIME -complete. 

It was shown in [TS] that bisimilarity for (non-probabilistic) vPDA is EXPTIME-complete. 
The hardness result there follows by observing that the proof given in [T5] for general PDA 
works in fact even for vPDA. Referring to the conference version of [IS], it is commented 
in [TS]: "Though conceptually elegant, the technical details of the reduction are rather 
tedious." For those reasons we give a full reduction from the problem of determining the 
winner in a reachability game on pushdown processes. This problem was shown EXPTIME- 



complete in |16| . Our reduction proves Theorem 17 i.e., for unary and fully probabilistic 



pvPDA, and at the same time provides a concise proof for (non-probabilistic) vPDA. 

Proof of Theorem 1171 Let A = (Q,T,{a},^-t) be a unary non-probabilistic PDA with a 
control state partition Q — QqUQi and an initial configuration poXq. We call a configuration 
pXa dead if it has no successor configuration, i.e., if A does not have a rule with pX on the 
left-hand side. Consider the following game between Player and Player 1 on the LTS 5(A) 
induced by A: The game starts in pqXq. Whenever the game is in a configuration pa with 
P € Qi (where i G {0, 1}), Player i chooses a successor configuration of pa in 5(A). The 
goal of Player 1 is to reach a dead configuration; the goal of Player is to avoid that. It is 
shown in |16[ pp. 261-262] that determining the winner in that game is EXPTIME-hard. 

W.l.o.g. we can assume that each configuration has at most two successor configurations, 
and that no configuration with empty stack is reachable. We construct a fully probabilistic 
pvPDA A = (Q, r, {a r , a,i n t, Qc}, °-+) such that the configurations PqXq and p' Xq of A are 
bisimilar if and only if Player can win the game. For each control state p G Q the set Q 
includes p and a copy p' . 

For each pX G Q x T, if pX is dead in A, we add a rule pX o — > pX in A, and a rule 
p' X o — > zX where z G Q is a special control state not occurring on any left-hand side. 
This ensures that if pX is dead in A (and hence Player 1 wins), then we have pX ^ p'X 
in A. 

For each pX £ Q x T that has in A a single successor configuration qa, we add rules 

a,l a,l 

pX o — > qa and p X o — > q a, where a = a r , ai n t, a c if |a| = 0, 1, 2, respectively. 

For each pX € QxT that has in A two successor configurations, let Px a x and p 2 a 2 denote 

the successor configurations. W.l.o.g. we can assume that a\ = X x G T and «2 = ^2 G T. 
If p G Qo we implement an OR-gadget from Figure [3(b)] let 
(p x X x p 2 X 2 ), (p' x X x p' 2 X 2 ), (piXip' 2 X 2 ), (p[X x p 2 X 2 ) G Q be fresh control states, 
and add rules pX o—> (piXip 2 X 2 )X (p^Xip^X^X (this is a short- 

hand for pX o — '> (piXip 2 X 2 )X and pX o-^- — ► {p[Xij/ 2 X 2 )X) and 
p'X ^ ( Pl X lP2 X 2 )X I {p' x X lV2 X 2 )X as well as ( Pl X lP2 X 2 )X 0+ Vx X x \ p 2 X 2 
and {p^Xip^X^X o-> p\X\ \ p' 2 X 2 and { P iXip' 2 X 2 )X 0^ p\X x \ p' 2 X 2 and 
[p' x X xV2 X 2 )X ^ p\X x I p 2 X 2 . 

If p G Qo we implement an AND-gadget from Figure |3(b)| let 
(j> x X x ), (p' x X x ), (p 2 X 2 ), (p' 2 X 2 ) G Q be fresh control states, and add rules 
pX ( Px X x )X I (p 2 X 2 )X and p'X (p x X x )X \ (p' 2 X 2 )X as well as 

(p x X x )X c£^4 Px X x and (p' x X x )X o^A p\X x and (p 2 X 2 )X c^> p 2 X 2 \ zX 
and (p 2 X 2 )X o— > p 2 X 2 \ zX. Here, the transitions to zX serve to implement the 



condition t x 7^ t' 2 from Proposition 13 



An induction argument now easily establishes that poXo ~ PqXq holds in A if and only if 
Player can win the game in A. 
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We remark that exactly the same reduction works for non-probabilistic vPDA, if the 
probabilistic branching is replaced by nondeterministic branching. -4 
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A Proofs omitted from Section [3] 

In this section we present proofs of some claims from Section [3] 



A.l Proof of Lemma [3] 

Lemma [3] follows immediately from the following lemma. 

► Lemma 19. For all configurations qX^ and rY5 of A we have qXj ~ n rY5 in A if and 

only if qXj rY5 in A'. 

Proof. In what follows, given a distribution d = [a± <-> x\, . . . ,a n <-> x n ], we use d w to 
denote the distribution [atiw a n w <— > x n \. Also, we use ~' to denote the relation 

~ of A', to distinguish it from the relation ~ of A. 

Let us start with the direction =>■ of the lemma. For n — the claim obviously 
holds. Assume it holds for all numbers lower than n. Let qXj and rY5 be configur- 
ations of A such that qX^f ~„ rY8. W.l.o.g. let us pick any transition qX o— > q(d±) 
where d\ = [qifti <— > x%, . . . , q n @n ^ x n}- There must be a transition rY o— >• r{d2) 
where d2 — [rxPi H> yx, . . . , r m /3 m h > y m ] such that dj and d^ are ^„_i-equivalent. Let 
q(di) o^> q({q il ai 1 , . . . q.i k ai k }} be an arbitrary rule with q(d\) on the left hand side (the 
case of r(d2) is similar). For the set T = {q^a^, . . . qi k ai k ~/}, we have x < d\(T) and there 
must be a set T' — {rj 1 (3j 1 S, . . . ,rj e /3j e 8} satisfying the conditions of Lemma [2] such that 
d2(T') > di(T) > x. Hence there is an action r(da) °->- r ({ r jiPji 1 ■ ■ ■ r j t Pjt})- Because T and 
T' were chosen to satisfy the conditions of Lemmaji] for any r({rj 1 /3j 1 , . . . rj e /3j e }}5 \ fj/3jS 

(these are the only actions available) there is an action q{{qi 1 ai 1 , . . . qi k a.i k }} \ qiCtij such 
that rjfljS ~ n qiCti'j, and vice versa. 

Now let us analyse <=. For n — the claim obviously holds. Assume it holds for all 
numbers lower than n. Let qX<y and rYS be configurations of A such that qX^ ~ 3 .„ rYS in 
A'. Let qXj d be arbitrary rule, then there is a transition qX'y A- q(d)-f in A' and rYS A 
r(d'}5 such that q(d)'f ~3.„_i r(d')5. There is also a rule rYS >• d', so to finish the proof 
it suffices to see that d 1 and (d') s are ~„_i-equivalent. Let T — {qi 1 a.i 1 f, . . . 7 qi k cti k j} C 
support^ 1 ) be arbitrary (for the subsets of supported') 1 ) the proof is similar), and let 
x = d J (T). There is a transition q{d)^j gdg^a^, . . . , qiu a ih})l-> and hence a transition 
r(d')S A- r {{ r j 1 Pjn ■ ■ ■ , r jePjk})3 such that 

q({q iiail ,.. .,q lk a ik })j ~ 3 .„_ 2 r{{r h P h , . . .,r je P jh }}6 (2) 

We put X" = {rj 1 fij 1 S, . . . ,rj t Pj e S}. We show that T and T' satisfy the conditions from 
Lemma [2] for the relation ~ n _i. First, due to the construction of rules available under 
x we have d 7 (T) < (d') s (T'). Further, for an arbitrary element (^0^7 there is a trans- 
ition q({q il cti 1 , . . . ,qi k a ik })j A 5,Q!j7, and so due to Equation [2] there must be a transition 

r{{rj 1 0j 1 , . . . ,rj e f3j k })5 rjftjS such that q^acf ~ 3n _ 3 fjPjS. Using the induction hypo- 
thesis we get qiCti^ rjfijS, which finishes the proof. A 



A. 2 Analysis of the size of A' 

Let us analyse the size of A'. Let \g\ be the number of rules of A, and let m be the maximal 
size of the support of a distribution assigned by some rule of A. The size of |r'| is at most 
|T| + \q\ + \g\ ■ 2™, the size of E' is at most |E| + \R\ + 1, and the number of rules (in o->) 
under an action a G £ is at most \g\, under an action x € W it is at most \g\ ■ 2 m , where 
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\W\ < \g\ ■ 2 m . The number of rules under the action # is at most \g\ ■ 2 m ■ m. Hence the 
size of A' is exponential in the size of A, but polynomial when the size of the support of 
distributions assigned by rules is fixed. Obviously, the construction can be done in time 
exponential (or polynomial, respectively) in the size of A. 

B Proofs Omitted from Section [4] 
B.l Proof of Theorem [T2] 

We prove the following theorem from the main body of the paper: 



Theorem 12 The bisimilarity problem for pvPDA is in EXPTIME. 



Proof. The proof is structured as follows. First we show that bisimilarity for (non- 
probabilistic) vPDA is in EXPTIME, thus reproving a result from \R>\ via a different method. 
Then we show that, although the reduction from Section [3] yields an exponential blow-up 
in translating from pvPDA to vPDA, our new algorithm for deciding bisimilarity on vPDA 
can still be made to run in single-exponential time in the size of the original pvPDA. 

Let pocxo and qo/3o be the given initial configurations. W.l.o.g. we assume that otQ = Xq G 
r and /?o = Yo/3' with Y$ G T and (3' G T* . Recall that bisimulation in a labelled transition 
system can be naturally characterised by a bisimulation game between two players, Attacker 
and Defender. Two states in a labelled transition system are bisimilar if and only if Defender 
has a winning strategy, see e.g. |15j . 

We define some notation. For relations R C U x 2 V and S <ZV x 2 W , we define (R»S) C 
U x 2 W by R o St, where Sf := {({«i, . . . , v k }, Uti ^) | fc > A (v h At) eS}C2 v x2 w 
and o stands for the join of two relations. Note that Sj 0, hence u i? implies u (R* S) 0. 
To avoid notational clutter in the following, if C and D are sets with c G C and d S D, we 
often write CD instead of C x D and cd instead of (c, d) . 

For finite sets of configurations C, C C QT* we call a relation F C CC x2 cc a (C, en- 
forcing relation if cd F S implies that Attacker, starting in cd, can play so that he either 
wins or reaches a configuration in S (Defender may choose which configuration in S). If F 
is a (C, C")-forcing relation, then 

F /T := {(cXdY, {c[Xd[Y, . . . , c' k Xd' k Y}) | A, Y e T A (cd, {^d[, . . . , d k d' k }) G F] 

is a (CT, CT)-forcing relation. If F is a (C, C")-forcing relation and F' is a (C, C")-forcing 
relation, then F • F' is a (C, C")-forcing relation. The union of (C, C")-forcing relations 
is a (C, C")-forcing relation, so there is a largest (C, C")-forcing relation. We have that 
PqXq 7^ qoYo/3' holds if and only 



(paXogoYo) F {pq G QQ \ qfi has an outgoing transition} 



holds for the largest (QT, Q)-forcing relation F. (In particular, if /?' = e, then Attacker wins 
if and only if (po-X"o9o^o) F holds.) Hence it suffices to compute F in exponential time. 
For each a G S c we define a "local" (QT, Qrr)-forcing relation [a] by 

(pXqY) [a] A ^ 3pl4 p'X'X" : A D {p' X' X" q'Y'Y" \ qY 4 q'Y'Y"} 
W3qYA q'Y'Y" : A D {p'X'X"q'Y'Y" \ pX 4 p'X'X"} . 

For a G Ej nt and a G S r we analogously define local (Qr, QT)- and (QT, Q)-forcing relations 
[a], respectively. Those forcing relations can be computed in exponential time. Let F be 
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the least solution of the following equation system: 



F= |J [a] U 



|J [a]»F U |J [a].F /r .F. 




The least fixed point F can be computed by a simple Kleene iteration starting from F = 0. 
The iteration terminates after at most |QrQr x 2^^\ rounds, each of which takes at most 
exponential time. It is not hard to see that F is the largest (QT, Q)-forcing relation. It 
follows that bisimilarity for (non-probabilistic) vPDA can be decided in exponential time. 

Now we consider a (probabilistic) pvPDA A = (Q,r,S,^) with action partition 
£ = £ r U Sj„t U E c . We use essentially the reduction from Section [3] to compute a (non- 
probabilistic) vPDA A' = (Q, T' , o->), but we need to adapt it slightly to preserve 
"visibly-ness": Instead of the action # we need three actions # r £ SJ, and £ Sj- n4 

and # c £ E^. in A'. This change does not affect the correctness of the reduction. Observe 
that S; = {# r } and E' c = {# c } and E' int = £ U T¥ U {# irl t}. For each a e S c we define a 
local (QT, Qrr)-forcing relation [a] in A' by 



to the (non-probabilistic) vPDA A'. For a £ Ei„ ( and a S S r we analogously define local 
(Qr,Qr)- and (QT, Q)-forcing relations [a], respectively. The fact that these are valid 
forcing relations in A' follows from the structure of the reduction, where each transition is 
mapped to three consecutive transitions in A'. 



► Lemma 20. For all a € X, the relation [a] can be computed in exponential time. 



Proof of the lemma. We assume a <E X c ; the other cases are similar. It suffices to show 
that, given pXqY £ QTQT and A C QTTQTT, we can check in exponential time whether 
pXqY [a] A holds. To show this we give an alternating PSPACE algorithm that checks 
whether pXqY [a] A holds. Then the lemma follows from APSPACE = EXPTIME. We 
formulate the APSPACE algorithm in terms of an existential player (corresponding to At- 
tacker) and a universal player (corresponding to Defender): 




where [■]' refers to the local forcing relation [•] defined above, where the definition is applied 
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input: a € S c and pXqY € QTQT and A C QTTQTT 
return: whether pXqY [a] A holds 
ex. player: choose either: 

ex. player: choose d s.t. pX o-s> p(d) 
un. player: choose e s.t. qY o— >• q(e) 
or: 

ex. player: choose e s.t. o-> q(e) 

un. player: choose d s.t. pX o-> p(c?) 
ex. player: choose either: 

ex. player: choose w,T s.t. p(d) o-» p(T) 

un. player: choose U s.t. q(e) o-> g(/7) 
or: 

ex. player: choose u>, U s.t. <?(e) o-> g(C7) 
un. player: choose T s.t. p{d) o-> p(T) 
ex. player: choose either: 

ex. player: choose p'X'X" s.t. p(T) cA p'X'X" 

un. player: choose q'Y'Y" s.t. q(U) M q'F'r" 
or: 

ex. player: choose q'Y'Y" s.t. g(J7) cA g'F'y" 

un. player: choose p'X'X" s.t. p(T) cA p'X'X" 
return whether p'X'X" q'Y'Y" e A holds 

•4 

We can compute the largest (QT, Q)-forcing relation F as above, i.e., by solving the 
equation system 

F = U N u U M ,F u U N-^/r-f 

using simple Kleene iteration. As above, the iteration terminates after at most |QrQrx 2 < 2 < ^| 
rounds, each of which takes at most exponential time. This completes the proof. < 
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